Returnil: after rebooting, where does everything go?

Just curious where the malware goes,where do the installed programs,etc disappear to,when your done rebooting the computer

 

It has a module on it that sucks it all up and sends it to a black hole deep in the Alpha Centari system.

Seriously though where basically your system is running in ram and nothing is being written to disc, when you reboot all is lost. I am not sure about when you are using the disc cache method on the premium version.

 

I imagine it is deleted and tagged as rewritable.

It would be nice to know that it is also overwritten or zeroed out.

Does any body know for sure? (perhaps it is proprietary info).

 

Coldmoon will be along to give an answer I am sure.

 

I am Not Realy sure,I really dont understand the to technical stuff.The way I see it as it takes a snap shot image then isolates your partion from running the native windows.If you install something It is technically writen to the the drive.Then upon reboot everything Is lost as If a restore to a previous snapshot image of the native windows it isolated.Is It not In a sense like windows restore to go back to a earlier image.

 

it may clone the $MFT to memory and save the change to the $MFT in memory. when restart, all the data in the RAM will be lost.

 

Threedog said:

That might have to wait for RVS v1000.0

cortez asked:

djohn replied:

Hi cortez and djohn,
RVS takes control of the disk while making Windows believe that it is in control so there is no need for snap shots. RVS clones what is needed on the fly; this in combination with the same disk control gives RVS unique capabilities.

This said, it is true that some remnants of the cloned changes remain on the HDD after reboot but these remnants are only discoverable using forensic techniques (cannot be casually discovered).

We will be re-introducing an older feature that was pulled from testing in the 1.7x series due to instability and need for further development. This is included as a new Advanced Settings option that will wipe the disk cache.

Mike

 

Thanks for the info!

 

So Boost, how are you liking it.

 

Great news, I am enjoying the global protection of Returnil; this is a definite positive attribute in my view.

With the upcoming SELF WIPING CAPABILITIES, It will fortify an already strong anti malware application. It will no doubt be in the armory of many user's computer protection strategies.

I am already quite pleased with Returnil except for the need to reboot to turn the protection on ( I do not have it automatically turned on upon boot up).

With "Norton's Security Suite" on this particular partition, it takes many minutes to reboot; (as I am now a senior citizen, sometimes I get the desire for things to get done very quickly every now and then).

Perhaps this is unreasonable given the protection archived with a simple re-boot. Over all Returnil Premium is worth its price--no doubt about it.

 

Hi Cortez,
What you are looking for is the Session Lock (right click the tray icon and select "Enable") which turns protection on without a reboot but will be off at the next restart of Windows.

Mike

 

Working great!

Plan on reformatting,so I can start out really clean

 

Memory caching or disk caching? And how many mb on the latter?

 

That's the only way to do it right : complete re-installation from scratch and then Returnil to keep it clean.
If you have an Image Backup take images at the right moment and keep them as clean images for restoration only and/or to upgrade your clean images.

 

That is what I did. Added Threatfire in for good keeping but nothing like a new virgin image.

 

Returnil will keep it clean as recovery software, while ThreatFire will stop malware as security software.
If ThreatFire would make a mistake and the malware installs itself, Returnil will remove that mistake as recovery software.
That's the way I see it.

 

Spoke too soon! (should have done more investigating).

Coldmoon: Thanks for the important and time saving tip --cortez